MIST 2090 part A final
decentralization (4 conditions for using the crowd for estimation purposes)
the people making the guesses should be able to draw on their private, local knowledge
clear outcomes
the people who worked on Linux knew what the end result of their work would be (directly and indirectly)
aggregation (4 conditions for using the crowd for estimation purposes)
there must be some way of aggregating the guesses into a single collective guess (by taking the average)
conventional technical approaches to security include...
- MFA - monitoring & anomaly detection - software updates
ways to organize the crowd
- formal hierarchies - markets - self-organizing structures
characteristics of effective self-organizing structures (like Linux)
- openness - noncredentialism - verifiable & reversible contributions - clear outcomes - self-organization - geeky leadership
compare a database to a spreadsheet
Although they're very powerful and useful, spreadsheets are generally not the best tool to store large or complicated sets of data. Advantages of using a database model: - redundant data - data access - data security - big data
primary key
For each entity, we list attributes (properties) that we want to store values for, one of which is called the _____: an attribute that has a unique value for every instance (record) that you store in a table (ex: SSN, student ID number)
ox weight example
In a contest where people bought tickets to guess the weight of an ox, the average guess of the crowd was one pound off from the real weight of the ox. This is an example of leveraging the knowledge of the crowd.
cryptocurrencies & BTC technology
It is essential that blockchain technology NOT follow the free/perfect/instant economics of information goods. Blockchain acts as a distributed / decentralized ledger system that logs transactions. It is considered secure because you can't make free copies of bitcoins or use the same one over and over. The distributed database enables the security and effectiveness of the system, which is entirely due to the crowd. There is tension between the fact that bitcoin is a digital good (which typically follows free/perfect/instant), while blockchain prevents you from using free copies of bitcoin. Blockchain is how bitcoin is linked to the crowd.
openness
Linus made his initial request for contributions as broad as possible - anyone could help
geeky leadership
Linus was engaged and informed about the work
role of good management of future companies / how to lead effectively
Managers provide social skills of coordination, negotiation, persuasion, and social perceptiveness. This is more relevant today because the world is complex and fast-changing, and coordination is more important today than ever before. In addition, humans are social creatures and want to work together. Most of us don't find algorithms persuasive; we need a good story or anecdote. Leading effectively in this age includes egalitarianism (especially of ideas) and transparency of information.
shortfalls of the conventional technical approach
Skilled hackers prefer social engineering attacks over brute force attacks (it is easier to fool a human than a machine). Biometric authentication and MFA prevent attacks from outsiders but not from rogue insiders - insider threats include both negligence and malice - motives for malicious attacks include financial gain and revenge. Conventional technical approaches to IT security risks overemphasize identifiable risks and underemphasize insider threats & social engineering attacks.
The relationship between transaction cost economics and self-organizing (why might companies be considered passe?)
TCE - the hierarchical model might be more costly than the market model b/c technology decreases transaction costs; self-organizing models - the hierarchical model might be more costly b/c there are ways to organize production & labor that require very little capital at all
problems arising from the non-hierarchical / messy crowd
The crowd is not organized / focused on solving problems, presenting 2 difficult problems: - it can be hard to find what you're looking for in an ocean of uncontrolled information (the core can curate information, but there's just too much in the crowd) - some of its members behave in hurtful ways (the core can evict bad actors, but that's hard to do on the web). Effective solutions will probably leverage machine learning / AI technologies (ex: the Reddit website)
relational database model
The organization scheme chosen for a database is called its logical data model; the most popular set of standard rules for database organization is known as the _____; its components include entities, relationships, and attributes
when/why outsiders can be more effective than experts...
When things get really complex, don't look to the experts. Instead, call in the outsiders to help with complex, multidisciplinary tasks with objective evaluations as to the potential solutions. New knowledge is being created in other fields and it is slow to enter the core; many problems, opportunities, and projects benefit from different perspectives, people, and teams.
formal hierarchies (ways to organize the crowd)
a boss tells everyone how to focus their resources (ex: labor) in exchange for money
foreign key
a foreign key in one table is always the primary key in another table
what is the difference between a hot and cold backup site?
a hot site - a fully operational & instantaneously usable replica of the firm's mission-critical IT assets (very costly); a cold site - the opposite extreme; inexpensive but very slow to start up and resume business operations
redundant data (advantages of using a database over a spreadsheet)
a relational model with primary & foreign keys allows you to avoid storing redundant data in a single table (such as on a spreadsheet)
data security (advantages of using a database over a spreadsheet)
an administrator can grant each user a different level of access, ensuring that confidential info is not accessed by unauthorized parties
organizational security frameworks
an organization's suite of security controls, made up of many entities, protection mechanisms, processes, and procedures
database
an organized collection of data, at the heart of almost all useful information systems (search engines, ATM/credit transactions, TPS, personal info management tools). Databases are an important component in making any technology work successfully.
define a management information system
an organized integration of hardware and software technologies, data, processes, and human elements designed to produce timely, integrated, relevant, accurate, and useful information for decision-making purposes
technical (logical) security controls
authentication, encryption, firewalls, biometrics, etc
what areas are there "best practices" for security control?
continuity planning & disaster recovery; employees / HR; data management
verifiable & reversible contributions
contributors can't irreversibly break or worsen the software - it is democratic in nature
self-organizing structures (ways to organize the crowd)
create an open environment where anybody can pitch in: no credentials are required, people can choose what they work on, etc
entities (components of the relational database model)
data is stored in one or more tables corresponding to entities (things & concepts for which you wish to store data in the database) - tables consist of records, which correspond to rows in the tables - records store data on a single instance of an entity - a record consists of one or more fields (attributes)
big data (advantages of using a database over a spreadsheet)
databases can handle larger datasets more effectively
noncredentialism
diplomas, job titles, recommendation letters, experience, grades, etc, don't matter - if your work is good, there aren't requirements or barriers to helping
the core
dominant organizations, institutions, groups, and processes of the pre-Internet era
relationships (components of the relational database model)
entities are connected through relationships; the 3 choices for relationships between 2 entities are 1:1, 1:m, and m:m
attributes (components of the relational database model)
fields are often referred to as attributes and correspond to columns of the tables
markets (ways to organize the crowd)
focus the crowd's info resources, let people freely transact with each other without centralized control
what should the core rely on the crowd for?
get work done; find the right resource; conduct market research; acquire new customers; acquire innovation; trading. AVOID products for which safety and quality is paramount (and the consequences of potential missteps involve very high stakes)
The "stories" behind the hacking methods illustrated in the in-class video
https://www.youtube.com/watch?v=bjYhmX_OUQQ
when using the crowd for estimation purposes, what 4 conditions must be met?
independence, diversity, decentralization, aggregation
monitoring & anomaly detection (conventional technical approaches to security)
intrusion detection and intrusion prevention ex: flagged account after numerous failed login attempts & blocked access to critical systems from international IP addresses
diversity (4 conditions for using the crowd for estimation purposes)
it is important to have a diverse set of guesses (ex: farmers, butchers, livestock experts, housewives, etc) and therefore have a wide distribution of backgrounds to avoid systematic error / bias
physical security controls
locks, monitoring, mantraps (can't open both doors at the same time), environmental controls
(data) integrity
maintaining and assuring the accuracy & reliability of the information and systems over their lifecycle - accidental or unintentional modifications to data cannot occur undetected - integrity threats include data entry error (undercharging) and incorrect modifications of data - safety measures include access/change controls and audit trails
data access (advantages of using a database over a spreadsheet)
multiple users can query a single database simultaneously
the crowd
new participants and practices enabled by the net and its attendant technologies
self-organization
people decided for themselves which aspects of Linux to work on
administrative security controls
policies, standards, procedures, guidelines, personnel screening, training
AIC triad
represents the heart of information security (also referred to as the CIA Triad): 3 concepts commonly applied to all info systems that often form the basis of security policies, rules of corporate governance, etc - AVAILABILITY, INTEGRITY, CONFIDENTIALITY
employees / HR (best practices for security control)
rotation of duties; mandatory vacations; split knowledge (separation of duties concept); dual control (2 or more people perform the same action); strict procedure for employee termination
software updates (conventional technical approaches to security)
routine patching of newly-discovered vulnerabilities
security controls
the following controls should be utilized to achieve security management directives: - administrative - technical (logical) - physical
confidentiality
the property that info is not disclosed or otherwise made available to unauthorized individuals, entities, or processes - not the same as privacy; confidentiality is a component of privacy that is specific to unauthorized viewers of information - confidentiality threats include shoulder surfing and social engineering - safety measures include access controls and encryption of data (at rest, in transit)
database management system (DBMS)
the software application that lets you create and work with a database
continuity planning & disaster recovery (best practices for security control)
the tactical plan for quickly resuming your firm's business operations after a catastrophe (aka an attack against availability); typically relies on backup sites (hot vs cold)
independence (4 conditions for using the crowd for estimation purposes)
the various guesses must be independent of one another; each person must guess without the knowledge of what other people have guessed
data management (best practices for security control)
unlink sensitive data from other data to minimize the damage if it is stolen; systems with sensitive data should be walled off from the other systems in the data environment; anonymize sensitive data if you only need aggregates for analytics initiatives; encrypt data both in transit and in storage so that it is unreadable if it does fall into the wrong hands
MFA (conventional technical approaches to security)
uses something you know (a password), something you have (an ATM card), and something you are (your fingerprint)
1:1 relationship
when an instance of 1 entity can have a relationship with 1 (and only 1) instance of the other entity
1:m relationship
when an instance of the first entity can have a relationship with 1 or more instances of the second entity, but instances of the second entity can be related to only 1 instance of the first
m:m relationship
when instances of each entity can be related to 1 or more instances of the other entity